• Kees Cook's avatar
    mm: allow slab_nomerge to be set at build time · 7660a6fd
    Kees Cook authored
    Some hardened environments want to build kernels with slab_nomerge
    already set (so that they do not depend on remembering to set the kernel
    command line option).  This is desired to reduce the risk of kernel heap
    overflows being able to overwrite objects from merged caches and changes
    the requirements for cache layout control, increasing the difficulty of
    these attacks.  By keeping caches unmerged, these kinds of exploits can
    usually only damage objects in the same cache (though the risk to
    metadata exploitation is unchanged).
    Link: http://lkml.kernel.org/r/20170620230911.GA25238@beast
    Signed-off-by: default avatarKees Cook <keescook@chromium.org>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>